identified it as Heur.BZC.ZFV.Boxter.191.DEB17473
Hello:))))
I use one of the Azure DevOps tasks for managing my IIS service in Windows Server 2022/2019.
this task has worked correctly for at least 5 months and suddenly this task is blocked by Bitdefender and I get this error in the Azure DevOps panel "This s.c.r.i.p.t contains malicious content and has been blocked by your antivirus software"
so I logged in to the server to check the error by the Bitdefender panel and I got this error
"On-Access scanning has detected malicious behavior on C:\agent\Agent-Release-02_work_tasks\IISWebAppMgmt_0f5cd14f-3c01-4d5c-8f7a-eb96c5738dcc\3.2.0\Utility.ps1 and identified it as Heur.BZC.ZFV.Boxter.191.DEB17473.No action taken. The item will be handled further on by powershell.exe (C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe). This is an Antimalware Scan Interface (AMSI) detection"
I couldn't understand the reason why Bitdefender must block this PowerShell s.c.r.i.p.t
what changed after November/2023
probably it's a false positive but I need to be sure am I right?
is it a problem on the Bitdefender side and what should I do
You can check the link of the task Azure DevOps uses to manage IIS if you think it would help to understand more about it.
[*url removed by @Flexx*]
Comments
-
This post will be closed for further comments as @Gjoksi has already provided you with the resolution in the link stated below.
https://community.bitdefender.com/en/discussion/99494/identified-it-as-heur-bzc-zfv-boxter#latest
RegardsLife happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1